Configuring AAA and RADIUS 539

Table 609 Configure FTP User and the Usable Directory

 

 

Operation

Command

 

 

Configure an FTP user and the usable

local-user user [ ftp-directory

directory

directory ] ...

 

 

Delete an FTP user and the usable

undo local-user user

directory

 

 

 

Authorize a User with Usable Service Types

The services, which can be used by a user, are authorized in the local database.

Presently there are five service types, which are listed as follows:

exec refers to operations that include logging in to the router and configuring it via Telnet or other means (such as Console port, AUX port, X25PAD call, etc).

exec-administrator: Authorized “administrator” user can use EXEC. EXEC refers to the operation of logging into the router by means of Telnet or through console port, AUX port and X.25PAD.

exec-guest: Authorized “guest” user can use EXEC.

exec-operator: Authorized “operator” user can use EXEC.

ftp refers to operations that include logon to the router via file transmission so as to share corresponding services.

ppp refers to remote dial-in service used by the user.

When a single service is authorized to a user, it is only necessary to configure any one of the parameters of exec, ftp, and ppp after the service type. When multiple services are authorized to a user, it is necessary to configure over 2 types of the above-mentioned parameters, other than to use this command repeatedly, because the new service type will overwrite the old one, not to pack the service type.

Table 610 Configure Authorizing a User with Usable Service Types

Operation

Command

 

 

Configure authorizing a user with usable

local-user user [ service-type {

services

exec-administrator exec-guest

 

exec-operator ftp ppp } ... ] ...

 

 

Delete authorizing a user with usable

undo local-user user-name

services

 

 

 

By default users are authorized to use services of PPP type.

Configure RADIUS Perform the following configurations in system view.

Server

Configure IP Address, Authentication Port Number and Accounting Port

Number of the Server Host

At most 3 RADIUS servers can be configured for a user.

RADIUS follows the principles below to select authentication and accounting server:

Servers are used in the sequence in which they are configured.

Page 543
Image 543
3Com 10014299 manual Authorize a User with Usable Service Types, Configure FTP User and the Usable Directory